From 449050339324c14741f822238cbf4e465a7c1b6c Mon Sep 17 00:00:00 2001
From: Steven Martin <steven@goteleport.com>
Date: Mon, 8 May 2023 15:42:12 -0400
Subject: [PATCH 1/2] update single aws terraform s3

---
 examples/aws/terraform/starter-cluster/s3.tf | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/examples/aws/terraform/starter-cluster/s3.tf b/examples/aws/terraform/starter-cluster/s3.tf
index 4757fa1b960f0..15443b23d17ed 100644
--- a/examples/aws/terraform/starter-cluster/s3.tf
+++ b/examples/aws/terraform/starter-cluster/s3.tf
@@ -13,10 +13,19 @@ resource "aws_s3_bucket" "storage" {
 }
 
 resource "aws_s3_bucket_acl" "storage" {
+  depends_on = [aws_s3_bucket_ownership_controls.storage]
   bucket = aws_s3_bucket.storage.bucket
   acl    = "private"
 }
 
+resource "aws_s3_bucket_ownership_controls" "storage" {
+  bucket = aws_s3_bucket.storage.id
+
+  rule {
+    object_ownership = "BucketOwnerPreferred"
+  }
+}
+
 // For demo purposes, CMK is not needed
 // tfsec:ignore:aws-s3-encryption-customer-key
 resource "aws_s3_bucket_server_side_encryption_configuration" "storage" {

From 98136de44a1bf5d300b3813bc955639e5e637d27 Mon Sep 17 00:00:00 2001
From: Steven Martin <steven@goteleport.com>
Date: Mon, 8 May 2023 15:51:52 -0400
Subject: [PATCH 2/2] terraform lint fix

---
 examples/aws/terraform/starter-cluster/s3.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/examples/aws/terraform/starter-cluster/s3.tf b/examples/aws/terraform/starter-cluster/s3.tf
index 15443b23d17ed..7d3b492d8e65d 100644
--- a/examples/aws/terraform/starter-cluster/s3.tf
+++ b/examples/aws/terraform/starter-cluster/s3.tf
@@ -14,8 +14,8 @@ resource "aws_s3_bucket" "storage" {
 
 resource "aws_s3_bucket_acl" "storage" {
   depends_on = [aws_s3_bucket_ownership_controls.storage]
-  bucket = aws_s3_bucket.storage.bucket
-  acl    = "private"
+  bucket     = aws_s3_bucket.storage.bucket
+  acl        = "private"
 }
 
 resource "aws_s3_bucket_ownership_controls" "storage" {